CVE-2006-0988

The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

Published: Mar 3, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0988
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_nt	4.0	4.0.x
microsoft / windows_2000	-	-
microsoft / windows_2003_server	r2	r2.x

http://dns.measurement-factory.com/surveys/sum1.html
http://www.securityfocus.com/archive/1/426368/100/0/threaded
http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf

Vulnerability Database

289,599

CVE-2006-0988